PT-2018-11728 · FFmpeg+2 · Ffmpeg+2

Alexandru Razvan Caciulescu

Publicado

2018-07-05

Atualizado

2026-02-06

CVE-2018-13305

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions FFmpeg version 4.0.1

Description The issue arises from a missing check for negative values of the mquant variable in the vc1 put blocks clamped function, located in libavcodec/vc1 block.c. This can lead to an out-of-array access when converting a crafted AVI file to MPEG4, potentially resulting in information disclosure or a denial of service.

Recommendations For FFmpeg version 4.0.1, consider applying a patch that adds a check for negative mquant values in the vc1 put blocks clamped function to prevent out-of-array access. As a temporary workaround, avoid converting crafted AVI files to MPEG4 until a patch is available.

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2018-2047

CLEANSTART-2026-EZ98723

CLEANSTART-2026-PS82605

CLEANSTART-2026-XE32069

CVE-2018-13305

OPENSUSE-SU-2020:0024-1

OPENSUSE-SU-2020_0024-1

OPENSUSE-SU-2024:10754-1

SUSE-SU-2018:3609-1

Produtos afetados

Alt Linux

Ffmpeg

Suse

PT-2018-11728 · FFmpeg+2 · Ffmpeg+2

CVE-2018-13305

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 192